This invention relates to a method for authenticating a person on the basis of biometric data and in particular to a method for generating a key record for a verification process from this person""s biometric data. The invention relates in addition to a system for generating the key record and to a system for authenticating the person on the basis of biometric data.
For identifying or verifying a person, access and admission systems frequently use a key associated with this person and including a discrete record. This may be for example a personal identification number (PIN). The PIN is stored as a reference key either directly in the access-protected system or in a separate data carrier serving as an ID card for the access-protected system. The data carrier can itself constitute an access-protected system, for example a credit card, money card or the like.
A disadvantage of PIN-based systems is that the PIN is easily forgotten and therefore frequently written down, which lowers the system security. Furthermore, PINs are not bound to the person but only relate to the person. That is, the PIN can be passed on to other people or spied out, which uncontrollably increases the group of entitled users. Entry of the PIN with or without presentation of a user card is thus no proof that the legitimate user is present.
These problems do not exist where a biometric physical or behavior-dependent feature of the user is used instead of a PIN for verifying the user""s identity. Such biometric features are uniquely bound to the person. They can be neither passed on nor forgotten. A potential third party wanting to procure unauthorized access to the protected system has only a limited number of reference features to present on a trial basis.
A disadvantage of biometric user verification is that the comparison between the stored biometric data and the particular presented biometric data captured by sensor technology is only a comparison in terms of similarity, permitting only a statement about how likely it is that the data being compared match. This is because currently available sensor systems are unsuitable for always deriving the same biometric data from a presented biometric feature with absolutely exact reproducibility. Therefore, a biometric data record stored as a reference record in a smart card, for example, is only tested for a necessary degree of match with a newly captured biometric record in hitherto known authentication or verification methods. In addition, elaborate biometric software with complex biometric algorithms runs in the background during the verification phase. Verification by means of biometric algorithms is thus relatively elaborate.
Biometric user verification is fundamentally more reliable than mere PIN comparison for the abovementioned reasons (user-bound, cannot be forgotten or passed on). However, it is not transferable to conventional security systems with PIN comparison without requiring elaborate changes in the file systems, smart card applications and transaction sequences. With existing applications using PIN verification for user authentication, introducing biometric verification would frequently involve having to replace all cards in circulation, since card application and file system would be new. Further, interventions in the transaction sequence would be necessary so that the online check of the PIN would have to be replaced by an off-line check of e.g. an iris pattern. Furthermore, considerable time and security effort would be needed for carrying out the biometric algorithm and for data transfer, also resulting in difficulties in the standardization and definition of suitable interfaces for open applications.
The problem of the present invention is to overcome the disadvantages of biometric user verification without losing the advantages of biometric user verification over PIN verification.
The invention exploits the fact that although a biometric feature can never be captured by sensor technology completely in the form of uniquely reproducible raw data for generating a reference or verification record, the particular captured raw data have a sufficient number of common features to permit their origin with the same feature bearer to be plausibly proved statistically. Therefore, according to the invention, only a comparatively small number of especially characteristic data, instead of the complete biometric reference or verification data, is obtained from the biometric raw data in order to generate from this characteristic raw record a discrete record as a reference key or verification key record, which is always uniquely reproducible. This discrete key record is then used either directly as a PIN substitute or for generating a unique PIN (xe2x80x9cbiometrically generated PINxe2x80x9d).
The biometrically generated PIN is generated in the terminal where the sensor unit is installed, and transferred to the system as a PIN, optionally protected cryptographically. As with the conventional PIN, it may well happen that several people in the group of users are assigned the same PIN.
It is known from Seal C et al., xe2x80x9cIris Recognition for User Validation,xe2x80x9d British Telecommunications Engineering, London, GB, Vol. 16, no. 2, July 1997, pages 113-117, to derive a characteristic data record from an iris texture. The parameters form a code that constitutes a unique description of the eye. This code is structured to allow fast comparison with the iris code of authorized users. The described method does not require an exact match to be found. The identification algorithm allows identification even with a mismatch of up to 33%. Since the generated code is consequently not uniquely reproducible, this method is unsuitable for reducing the abovementioned disadvantages.
Generating and using the biometrically generated PIN makes it unnecessary to store a complex biometric reference record on the data carrier card, e.g. a smart card or magnetic card, and/or in the system. The biometrically generated PIN is instead stored and used like a conventional PIN. No interventions in sequence structure and data management of the applications are necessary, so that the biometry can be integrated in particular into existing PIN-based systems and card applications without any special organizational effort. The PIN comparison can remain unchanged in the background system or on the card. Insofar as today""s systems provide for the users to be able to define their PINs themselves, cards in circulation can also continue to be used unchanged with a new, biometrically generated PIN. In the transition period, biometric PIN generation can optionally be provided for PIN entry until all systems are equipped with sensors for capturing the characteristic biometric raw data. Optional use of both PIN systems will still be expedient in the future for users with temporarily or permanently poor feature quality. Such users can use classic PIN entry if needed while employing the same interface as biometry users.
Biometric PIN generation involves unique mapping, that is, a person""s presented and sensed biometric raw data are always mapped onto the same PIN. The biometri-biometrically generated PIN thus combines the advantages of conventional PINs with biometry while simultaneously overcoming the disadvantages of conventional PIN and biometric systems. The biometric feature used may be for example a fingerprint or the iris structure or any other biometric feature, for example a characteristic behavior pattern of the person, e.g. a dynamic signature, i.e. the relations of for example pressure and/or speed occurring during signing are evaluated.
There are numerous possibilities for generating from characteristic biometric raw data a discrete key record that is always uniquely reproducible and is usable either directly as a PIN code or for generating a multidigit PIN code.